The UK’s National Cyber Security Centre (NCSC) is once again warning that pro-Russia hacktivists are a threat to critical services operators.
The cyber arm of the UK’s sigint specialists at GCHQ specifically highlighted local authorities, including regional governments, and critical national infrastructure (CNI) organizations as being at acute risk of hacktivist attacks.
These are typically denial-of-service (DoS) in nature, but the cyber defense crew warned orgs not to underestimate the damage these simple attacks can do.
In a fresh alert published on Monday, the NCSC said DoS attacks on Russia’s usual targets can disrupt entire systems, and also hit operators with financial and productivity costs when they are recovering from them.
All organizations should be working to improve their resilience to DoS attacks, the agency said, and not just local authorities and CNI organizations.
Jonathon Ellison, director of national resilience at the NCSC, said: “We continue to see Russian-aligned hacktivist groups targeting UK organizations, and although denial-of-service attacks may be technically simple, their impact can be significant.
“By overwhelming important websites and online systems, these attacks can prevent people from accessing the essential services they depend on every day.”
He said all organizations, “especially those identified in today’s alert,” must act now by “reviewing and implementing the NCSC’s freely available guidance to protect against DoS attacks and other cyber threats.”
The alert comes almost exactly a month after the UK co-signed an advisory, alongside other international partners, warning of the same threat to CNI from pro-Russia hacktivists.
The advisory named the Cyber Army of Russia Reborn (CARR), Z-Pentest, and Sector16 as some of the groups responsible for the attacks on Western organizations.
The law enforcement partners also included NoName057(16) in the list, the only group that the NCSC mentioned in its standalone advisory on Monday.
NoName057(16) is a particularly persistent outfit, known in the UK to target a small list of organizations for days at a time. The attacks carried out by its members routinely knock council websites offline for various lengths of time, although significant, long-term impacts are rarely recorded.
Pro-Russia hacktivists of all stripes are known for overblowing the impact of their digital nuisance-making, the NCSC said, and regularly make false and/or misleading claims about the results of attacks on CNI organizations, dressing up minor intrusions as DEFCON 1-grade carnage.
The importance of shoring up system security is illustrated by typical hacktivist tradecraft. Attackers are rarely sophisticated in the way they go about things, often relying on opportunism rather than ingenuity.
They prey on those with unpatched software bugs or insecure VNC connections, which are used frequently in CNI settings.
The NCSC recommended that all organizations should look into third-party DDoS-mitigation services to prevent these attacks, as well as using a content delivery network (CDN) for web services.
In its advisory, CISA said that using multiple service providers for certain functionality can help maintain uptime during periods of attack. The advisory also includes many more items for at-risk entities to check off their lists.
Russia is often cited as one of the UK’s most ardent geopolitical adversaries. National security officials have previously described the threat presented by Putin’s regime as the foremost threat facing the West today, while China is often referred to as an epoch-defining challenge for the longer term.
MI6 director Blaise Metreweli said in December that the UK is currently operating in a grey zone between peace and war with regard to Russia, just below the threshold of war.
Baroness Manningham-Buller, former director general of MI5, however, said in September that she believes the UK may already be at war with Russia, albeit an undeclared one.
The Register asked the NCSC for more information. ®